just another infosec blog

Don’t help the police

One interesting headline in the Norwegian newspapers today is an allegedly hacking attempt on a Facebook account. The background story goes something like this:

Norwegian police are facing an abduction case of a 16 year old girl in Oslo. The police think that there might be some vital information on the Facebook profile of this victim – hence they’ve requested the log in details for her account from Facebook. Facebook allegedly provided them the desired information except her log in details. One “hacker” going rogue tried to hack her account going all Samaritan. Newspaper reports were not conclusive if he were successful or not.

With this information in mind consider this:

If you got the skill – do not attempt to help the police, ever! Please remember that the police need access to untampered information. If you break into a service, like Facebook or anything else, and provide them the “evidence” then the investigation team can not be sure if the data is clean. Last year we faced exactly the same thing regarding the massacre at Utøya island. Some hackers broke into Breivik’s account and the police were not sure if the information provided were fake or not. Sure – your intentions might be good. But you might end up causing a major headache for everyone.

So – whether you are a grey hat or a blackhat, or a skiddie – don’t go down this path. Play fair – lead the police in the proper direction instead.